Key Information Vulnerability Name: WordPress Paid Member Subscriptions Plugin <= 2.15.4 is vulnerable to Local File Inclusion Priority: High priority (Patch immediately) Affected Versions: <= 2.15.4 Fixed Version: 2.15.6 Risk: CVSS 7.5 - Description: This vulnerability is highly dangerous and expected to become mass exploited. - Type: Local File Inclusion - Impact: Could allow a malicious actor to include local files of the target website and show its output onto the screen. Files which store credentials, such as database credentials, could potentially allow complete database takeover depending on the configuration. Solution: - Automatically mitigate vulnerabilities and keep your websites safe using Patchstack's virtual patch. - Update to version 2.15.6 or later. Timeline: - Reported by LVThov2k on 29 June 2023 - Early warning sent out to Patchstack customers on 29 June 2023 - Published by Patchstack on 29 July 2023